This page provides some examples of projects and/or paper ideas that you can peruse for the research project part of this course. The list is short and (hopefully) varied. If you have another idea for a project and/or paper you must present it to me first for approval. Any project and/or paper should address the accounting/compliance relevance of IT security. The process of completing the research project will include several deliverables to ensure that you are making adequate progress towards completion by the due date.
Title to secure your topic (I will only allow two groups to do the same topic, so if you know what you want to do let me know ASAP or post it to your project page - first come first serve) Due Date: 01/31/2013
Prepare a short summary (no more than one page) of your project or paper idea. Included in this summary must be a description of how your project/paper will integrate accounting/compliance with IT Security. Due Date: 02/14/2013
Along with the summary, prepare a description (narrative or bullet points) of what you plan on accomplishing with your project/paper and how I should assess your achievement of these goals. Your assessment criteria MUST include a quantitative benchmark or rubric that I will use in assessing your paper. Due Date: 02/14/2013
5-7 page draft of project/paper for review. Due Date: 02/28/2013
Final paper with proper citations (MLA or other style, just be consistent) and bibliography. Due Date: 04/18/2013
For papers, the final length should be 10 pages, double spaced, 12 pt font (I prefer Arial, but you can choose). I will accept Word documents and/or Pages documents. The length of the project will depend on the project and will be agreed to between the student and myself as part of the short summary. Please submit your paper/project reports via your team wiki page.
Team Work/Group Grading:
The research/project report will be done in small groups. Each group will have 4-5 students and groups need to be formed no later than 01/24/2013. Each group will be provided a team page via this wiki that will be private to each group (but I will have access to it as well) for supporting the research/project work. As soon as you know your topic (and I've approved it) give me a team name and group members and I'll set up your team page.
Working as a group I expect each finished paper to be better than any one individual could have accomplished with the time allocated for this assignment. Therefore, it is my expectation that everyone in the group will work equally hard towards their goal (hopefully an A). I also know that sometimes this does not happen and sometimes a weak group member can be rewarded for the hard work of others. This is as unacceptable to me as I hope it is to each group. To provide accountability for each group member, the final grade for the research/project report will be provided after each group member provides an assessment of there group members. This will be accomplished via email, in which each group member sends me an email listing the names of who was in their group. Simply I will require a score between 0 and 100 assessing the effort of each group member (not including yourself). A 0 score would mean you were told this person was in your group but you don't know who they are (this is not a good thing), a 100 means the project could not have been accomplished without this person. It is quite acceptable to give each group member a score of 100 if everyone worked equally well. After receiving the assessments, they will be averaged and that average used as a weight applied to the research/project paper score. For example, if the paper submitted receives a score of 185/200 and your average assessment from your group members is 85%, your research/project paper grade will be 157.25/200. This is a significant reduction from an A- grade to a C+ grade, so be careful with your assessments. (This same weighing will be applied to the research paper presentation score).
Assessment Rubric:
Grammar, style, etc. This is not an English class but I should be able to read your paper and it should be free of gross grammatical errors, so the readability/grammar/spelling will count towards 10% of the overall project/paper score.
The extent to which the project/paper address' the integration of accounting/compliance with IT security will count for 35% of the overall project/paper score.
The depth of your research, i.e. how much outside references are used will count for 10% of the project/paper score. This means that to receive the full 10% you will need to do more than cite things like Wikipedia (though that is fine) or do Google searches. You will need to read and incorporate research articles[1] as well as practical articles.
My overall assessment of your paper, 25%.
Your project/paper assessment goals (based on your rubric, see above), 20%
Project Ideas:
Using OCTAVE Allegro, create an risk assessment, using the OCTAVE Allegro worksheets, for an organization you work for or have access to. Identifying between 5-7 critical information assets. Beyond the risk assessment this project requires a summary of how risk assessment fits within the IT Governance frameworks.
Describe COSO's ERM Framework (2004), Key Risk Indicators (2010). Using material from our book and website determine a set of KRI's that could be useful in anticipating IT Security exploits, i.e. can we scan our internal/external environment for possible increased risk so that we can react to it beforehand? Before proceeding with this project you will need to discuss the number of exploits to be examined.
Paper Ideas:
Using the various standards/frameworks, COBIT, ISO, ITIL, etc. create a report of the similarities between them and come up with a list of common controls, i.e. create a grand unified control document. The paper should include summaries of each of the frameworks included and a compare/contrast section.
Research and prepare a report on the compliance issues related to SOX and IT Security.
In-depth analysis of a current topic related to accounting and IT-Security (e.g. cloud computing).
^ Research articles come from peer-reviewed journals, they are not website articles/blog posts. Though it is acceptable to have website/blog posts as a component of your research it should not constitute all of your research. If you need help in finding peer-reviewed journal articles talk with a research librarian and they can help.
Introduction:
This page provides some examples of projects and/or paper ideas that you can peruse for the research project part of this course. The list is short and (hopefully) varied. If you have another idea for a project and/or paper you must present it to me first for approval. Any project and/or paper should address the accounting/compliance relevance of IT security. The process of completing the research project will include several deliverables to ensure that you are making adequate progress towards completion by the due date.
For papers, the final length should be 10 pages, double spaced, 12 pt font (I prefer Arial, but you can choose). I will accept Word documents and/or Pages documents. The length of the project will depend on the project and will be agreed to between the student and myself as part of the short summary. Please submit your paper/project reports via your team wiki page.
Team Work/Group Grading:
The research/project report will be done in small groups. Each group will have 4-5 students and groups need to be formed no later than 01/24/2013. Each group will be provided a team page via this wiki that will be private to each group (but I will have access to it as well) for supporting the research/project work. As soon as you know your topic (and I've approved it) give me a team name and group members and I'll set up your team page.Working as a group I expect each finished paper to be better than any one individual could have accomplished with the time allocated for this assignment. Therefore, it is my expectation that everyone in the group will work equally hard towards their goal (hopefully an A). I also know that sometimes this does not happen and sometimes a weak group member can be rewarded for the hard work of others. This is as unacceptable to me as I hope it is to each group. To provide accountability for each group member, the final grade for the research/project report will be provided after each group member provides an assessment of there group members. This will be accomplished via email, in which each group member sends me an email listing the names of who was in their group. Simply I will require a score between 0 and 100 assessing the effort of each group member (not including yourself). A 0 score would mean you were told this person was in your group but you don't know who they are (this is not a good thing), a 100 means the project could not have been accomplished without this person. It is quite acceptable to give each group member a score of 100 if everyone worked equally well. After receiving the assessments, they will be averaged and that average used as a weight applied to the research/project paper score. For example, if the paper submitted receives a score of 185/200 and your average assessment from your group members is 85%, your research/project paper grade will be 157.25/200. This is a significant reduction from an A- grade to a C+ grade, so be careful with your assessments. (This same weighing will be applied to the research paper presentation score).
Assessment Rubric:
Project Ideas:
Paper Ideas: